#49556 Add wolfSSL and use it with VDE 2, fixing VDE 2's dependency on obsolete OpenSSL 1.0

Message #5 received at submit@debbugs.gnu.org (full text, mbox, reply):

From: Leo Famulari <leo@famulari.name>

To: guix-patches@gnu.org

Subject: Add wolfSSL and use it with VDE 2, fixing VDE 2's dependency on obsolete OpenSSL 1.0

Date: Tue, 13 Jul 2021 18:59:58 -0400

[Message part 1 (text/plain, inline)]

These patches add wolfSSL and replace VDE 2's dependency on the obsolete
OpenSSL 1.0 with wolfSSL.

[signature.asc (application/pgp-signature, inline)]

Message #10 received at 49556@debbugs.gnu.org (full text, mbox, reply):

From: Leo Famulari <leo@famulari.name>

To: 49556@debbugs.gnu.org

Subject: [PATCH 2/2] gnu: VDE 2: Update to 2.3.2-0.8599321.

Date: Tue, 13 Jul 2021 19:01:55 -0400

Updating to this unreleased revision allows us to package VDE 2 with
wolfSSL instead of the obsolete OpenSSL 1.0:

https://github.com/virtualsquare/vde-2/issues/2

* gnu/packages/networking.scm (vde2): Update to 2.3.2-0.8599321.
[source]: Use git-fetch.
[native-inputs]: Add autoconf, automake, and libtool
[inputs]: Replace openssl-1.0 with wolfssl.
---
 gnu/packages/networking.scm | 23 ++++++++++++++++-------
 1 file changed, 16 insertions(+), 7 deletions(-)

diff --git a/gnu/packages/networking.scm b/gnu/packages/networking.scm
index 19b58501e9..d99af3035c 100644
--- a/gnu/packages/networking.scm
+++ b/gnu/packages/networking.scm
@@ -13,7 +13,7 @@
 ;;; Copyright © 2016 Benz Schenk <benz.schenk@uzh.ch>
 ;;; Copyright © 2016, 2017 Pjotr Prins <pjotr.guix@thebird.nl>
 ;;; Copyright © 2017 Mathieu Othacehe <m.othacehe@gmail.com>
-;;; Copyright © 2017, 2020 Leo Famulari <leo@famulari.name>
+;;; Copyright © 2017, 2020, 2021 Leo Famulari <leo@famulari.name>
 ;;; Copyright © 2017, 2018, 2019, 2020 Efraim Flashner <efraim@flashner.co.il>
 ;;; Copyright © 2017, 2018, 2019 Rutger Helling <rhelling@mykolab.com>
 ;;; Copyright © 2017, 2019 Gábor Boskovits <boskovits@gmail.com>
@@ -3789,22 +3789,31 @@ network.  This must be enabled on the target host, usually in the BIOS.")
     (license license:gpl2)))
 
 (define-public vde2
+  (let ((commit "8599321526d0a31925fe55cabbe132b752cb268a")
+        (revision "0"))
   (package
     (name "vde2")
-    (version "2.3.2")
+    (version (git-version "2.3.2" revision commit))
     (source
      (origin
-       (method url-fetch)
-       (uri "mirror://sourceforge/vde/vde2/2.3.2/vde2-2.3.2.tar.gz")
+       (method git-fetch)
+       (uri (git-reference
+              (url "https://github.com/virtualsquare/vde-2")
+              (commit commit)))
+       (file-name (git-file-name name version))
        (sha256
-        (base32 "14xga0ib6p1wrv3hkl4sa89yzjxv7f1vfqaxsch87j6scdm59pr2"))))
+        (base32 "1dirkcbjh7c5kz7d065g1yq7vg8jl93hql3brfxd84k8hc8nqjb2"))))
     (build-system gnu-build-system)
     (arguments
      `(#:parallel-build? #f))           ; Build fails if #t.
+    (native-inputs
+     `(("autoconf" ,autoconf)
+       ("automake" ,automake)
+       ("libtool" ,libtool)))
     (inputs
      `(("python" ,python)
        ("libpcap" ,libpcap)
-       ("openssl" ,openssl-1.0)))       ; Build fails with 1.1.
+       ("wolfssl" ,wolfssl)))
     (home-page "https://github.com/virtualsquare/vde-2")
     (synopsis "Virtual Distributed Ethernet")
     (description "VDE is a set of programs to provide virtual software-defined
@@ -3816,7 +3825,7 @@ cables.")
                    license:lgpl2.1       ; libvdeplug
                    (license:non-copyleft ; slirpvde
                     "file://COPYING.slirpvde"
-                    "See COPYING.slirpvde in the distribution.")))))
+                    "See COPYING.slirpvde in the distribution."))))))
 
 (define-public haproxy
   (package
-- 
2.32.0

Message #13 received at 49556@debbugs.gnu.org (full text, mbox, reply):

From: Leo Famulari <leo@famulari.name>

To: 49556@debbugs.gnu.org

Subject: [PATCH 1/2] gnu: Add wolfSSL.

Date: Tue, 13 Jul 2021 19:01:54 -0400

* gnu/packages/tls.scm (wolfssl): New variable.
---
 gnu/packages/tls.scm | 34 +++++++++++++++++++++++++++++++++-
 1 file changed, 33 insertions(+), 1 deletion(-)

diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scm
index c1e8b46a84..ef32170f76 100644
--- a/gnu/packages/tls.scm
+++ b/gnu/packages/tls.scm
@@ -4,7 +4,7 @@
 ;;; Copyright © 2014 Ian Denhardt <ian@zenhack.net>
 ;;; Copyright © 2013, 2015 Andreas Enge <andreas@enge.fr>
 ;;; Copyright © 2015 David Thompson <davet@gnu.org>
-;;; Copyright © 2015, 2016, 2017, 2018, 2019, 2020 Leo Famulari <leo@famulari.name>
+;;; Copyright © 2015, 2016, 2017, 2018, 2019, 2020, 2021 Leo Famulari <leo@famulari.name>
 ;;; Copyright © 2016, 2017, 2019 Efraim Flashner <efraim@flashner.co.il>
 ;;; Copyright © 2016, 2017, 2018 Nikita <nikita@n0.is>
 ;;; Copyright © 2016 Hartmut Goebel <h.goebel@crazy-compilers.com>
@@ -48,6 +48,7 @@
   #:use-module (guix build-system trivial)
   #:use-module (gnu packages compression)
   #:use-module (gnu packages)
+  #:use-module (gnu packages autotools)
   #:use-module (gnu packages bash)
   #:use-module (gnu packages check)
   #:use-module (gnu packages curl)
@@ -1150,3 +1151,34 @@ default set of preferences.  Remaining on a specific version for backwards
 compatibility is also supported.")
     (home-page "https://github.com/awslabs/s2n")
     (license license:asl2.0)))
+
+(define-public wolfssl
+  (package
+    (name "wolfssl")
+    (version "4.8.0")
+    (source (origin
+              (method git-fetch)
+              (uri (git-reference
+                     (url "https://github.com/wolfSSL/wolfssl")
+                     (commit (string-append "v" version "-stable"))))
+              (file-name (git-file-name name version))
+              (sha256
+               (base32
+                "1w9gs9cq2yhj5s3diz3x1l15pgrc1pbm00jccizvcjyibmwyyf2h"))))
+    (build-system gnu-build-system)
+    (arguments
+     '(#:configure-flags
+       '("--enable-reproducible-build")))
+    (native-inputs
+     `(("autoconf" ,autoconf)
+       ("automake" ,automake)
+       ("libtool" ,libtool)))
+    (synopsis "SSL/TLS implementation")
+    (description "The wolfSSL embedded SSL library (formerly CyaSSL) is an
+SSL/TLS library written in ANSI C and targeted for embedded, RTOS, and
+resource-constrained environments - primarily because of its small size, speed,
+and feature set.  wolfSSL supports industry standards up to the current TLS 1.3
+and DTLS 1.2, is up to 20 times smaller than OpenSSL, and offers progressive
+ciphers such as ChaCha20, Curve25519, NTRU, and Blake2b.")
+    (home-page "https://www.wolfssl.com/")
+    (license license:gpl2+))) ; Audit
-- 
2.32.0

Message #16 received at 49556@debbugs.gnu.org (full text, mbox, reply):

From: Diego Nicola Barbato <dnbarbato@posteo.de>

To: Leo Famulari <leo@famulari.name>

Cc: 49556@debbugs.gnu.org

Subject: Re: [bug#49556] [PATCH 2/2] gnu: VDE 2: Update to 2.3.2-0.8599321.

Date: Tue, 03 Aug 2021 18:01:33 +0000

Hi Leo,

Leo Famulari <leo@famulari.name> writes:

> Updating to this unreleased revision allows us to package VDE 2 with
> wolfSSL instead of the obsolete OpenSSL 1.0:
>
> https://github.com/virtualsquare/vde-2/issues/2
>
> * gnu/packages/networking.scm (vde2): Update to 2.3.2-0.8599321.
> [source]: Use git-fetch.
> [native-inputs]: Add autoconf, automake, and libtool
> [inputs]: Replace openssl-1.0 with wolfssl.

[...]

I've tried building this and it looks like the configure script fails to
detect wolfSSL (the build still succeeds, but "VDE CryptCab" is
disabled):

--8<---------------cut here---------------start------------->8---
Configure results:

 - VDE CryptCab............ disabled
 + VDE Router.............. enabled
 + VDE VXLAN............... enabled
 + Python Libraries........ enabled
 + TAP support............. enabled
 + pcap support............ enabled
 - Experimental features... disabled
 - Profiling options....... disabled
 - Kernel switch........... disabled


configure: WARNING: VDE CryptCab support has been disabled because wolfSSL is
not installed on your system, or because wolfssl/wolfcrypt/chacha.h could not be found.
Please install libwolfssl if you want CryptCab to be compiled and installed.
--8<---------------cut here---------------end--------------->8---

I suspect the following lines in configure.ac are the culprit:

--8<---------------cut here---------------start------------->8---
AC_CHECK_LIB([crypto], [EVP_EncryptInit],
  [add_cryptcab_support=yes],
  [add_cryptcab_support=no ; warn_cryptcab=yes])
--8<---------------cut here---------------end--------------->8---

This might've been overlooked when switching from OpenSSL to wolfSSL,
since libcrypto is provided by the former, but not the latter.  They
should probably be changed to something like this instead:

--8<---------------cut here---------------start------------->8---
AC_CHECK_LIB([wolfssl], [wc_Chacha_Process],
  [add_cryptcab_support=yes],
  [add_cryptcab_support=no ; warn_cryptcab=yes])
--8<---------------cut here---------------end--------------->8---

I'll report this issue upstream.

Regards,

Diego

Message #19 received at 49556@debbugs.gnu.org (full text, mbox, reply):

From: Leo Famulari <leo@famulari.name>

To: Diego Nicola Barbato <dnbarbato@posteo.de>

Cc: 49556@debbugs.gnu.org

Subject: Re: [bug#49556] [PATCH 2/2] gnu: VDE 2: Update to 2.3.2-0.8599321.

Date: Tue, 3 Aug 2021 18:04:22 -0400

On Tue, Aug 03, 2021 at 06:01:33PM +0000, Diego Nicola Barbato wrote:
> I suspect the following lines in configure.ac are the culprit:
> 
> --8<---------------cut here---------------start------------->8---
> AC_CHECK_LIB([crypto], [EVP_EncryptInit],
>   [add_cryptcab_support=yes],
>   [add_cryptcab_support=no ; warn_cryptcab=yes])
> --8<---------------cut here---------------end--------------->8---

Thanks for catching that!

> I'll report this issue upstream.

Okay, please share the link to your report once you have made it.

Message #22 received at 49556@debbugs.gnu.org (full text, mbox, reply):

From: Leo Famulari <leo@famulari.name>

To: 49556@debbugs.gnu.org

Subject: [PATCH v2 0/2] wolfSSL / VDE-2

Date: Tue, 3 Aug 2021 19:56:49 -0400

I made the changes to VDE-2's configure.ac that Diego suggested, and
VDE-2 does register the presence of wolfSSL and configure the build to
use it for cryptcab.

Please refer to the following v2 patch series.

Leo Famulari (2):
  gnu: Add wolfSSL.
  gnu: VDE 2: Update to 2.3.2-0.8599321.

 gnu/packages/networking.scm | 35 +++++++++++++++++++++++++++--------
 gnu/packages/tls.scm        | 34 +++++++++++++++++++++++++++++++++-
 2 files changed, 60 insertions(+), 9 deletions(-)

-- 
2.32.0

Message #25 received at 49556@debbugs.gnu.org (full text, mbox, reply):

From: Leo Famulari <leo@famulari.name>

To: 49556@debbugs.gnu.org

Subject: [PATCH v2 1/2] gnu: Add wolfSSL.

Date: Tue, 3 Aug 2021 19:56:50 -0400

* gnu/packages/tls.scm (wolfssl): New variable.
---
 gnu/packages/tls.scm | 34 +++++++++++++++++++++++++++++++++-
 1 file changed, 33 insertions(+), 1 deletion(-)

diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scm
index d98a724b5f..7a0a9bd9a9 100644
--- a/gnu/packages/tls.scm
+++ b/gnu/packages/tls.scm
@@ -4,7 +4,7 @@
 ;;; Copyright © 2014 Ian Denhardt <ian@zenhack.net>
 ;;; Copyright © 2013, 2015 Andreas Enge <andreas@enge.fr>
 ;;; Copyright © 2015 David Thompson <davet@gnu.org>
-;;; Copyright © 2015, 2016, 2017, 2018, 2019, 2020 Leo Famulari <leo@famulari.name>
+;;; Copyright © 2015, 2016, 2017, 2018, 2019, 2020, 2021 Leo Famulari <leo@famulari.name>
 ;;; Copyright © 2016, 2017, 2019 Efraim Flashner <efraim@flashner.co.il>
 ;;; Copyright © 2016, 2017, 2018 Nikita <nikita@n0.is>
 ;;; Copyright © 2016 Hartmut Goebel <h.goebel@crazy-compilers.com>
@@ -48,6 +48,7 @@
   #:use-module (guix build-system trivial)
   #:use-module (gnu packages compression)
   #:use-module (gnu packages)
+  #:use-module (gnu packages autotools)
   #:use-module (gnu packages bash)
   #:use-module (gnu packages check)
   #:use-module (gnu packages curl)
@@ -1158,3 +1159,34 @@ default set of preferences.  Remaining on a specific version for backwards
 compatibility is also supported.")
     (home-page "https://github.com/awslabs/s2n")
     (license license:asl2.0)))
+
+(define-public wolfssl
+  (package
+    (name "wolfssl")
+    (version "4.8.0")
+    (source (origin
+              (method git-fetch)
+              (uri (git-reference
+                     (url "https://github.com/wolfSSL/wolfssl")
+                     (commit (string-append "v" version "-stable"))))
+              (file-name (git-file-name name version))
+              (sha256
+               (base32
+                "1w9gs9cq2yhj5s3diz3x1l15pgrc1pbm00jccizvcjyibmwyyf2h"))))
+    (build-system gnu-build-system)
+    (arguments
+     '(#:configure-flags
+       '("--enable-reproducible-build")))
+    (native-inputs
+     `(("autoconf" ,autoconf)
+       ("automake" ,automake)
+       ("libtool" ,libtool)))
+    (synopsis "SSL/TLS implementation")
+    (description "The wolfSSL embedded SSL library (formerly CyaSSL) is an
+SSL/TLS library written in ANSI C and targeted for embedded, RTOS, and
+resource-constrained environments - primarily because of its small size, speed,
+and feature set.  wolfSSL supports industry standards up to the current TLS 1.3
+and DTLS 1.2, is up to 20 times smaller than OpenSSL, and offers progressive
+ciphers such as ChaCha20, Curve25519, NTRU, and Blake2b.")
+    (home-page "https://www.wolfssl.com/")
+    (license license:gpl2+))) ; Audit
-- 
2.32.0

Message #28 received at 49556@debbugs.gnu.org (full text, mbox, reply):

From: Leo Famulari <leo@famulari.name>

To: 49556@debbugs.gnu.org

Subject: [PATCH v2 2/2] gnu: VDE 2: Update to 2.3.2-0.8599321.

Date: Tue, 3 Aug 2021 19:56:51 -0400

Updating to this unreleased revision allows us to package VDE 2 with
wolfSSL instead of the obsolete OpenSSL 1.0:

https://github.com/virtualsquare/vde-2/issues/2

* gnu/packages/networking.scm (vde2): Update to 2.3.2-0.8599321.
[source]: Use git-fetch.
[native-inputs]: Add autoconf, automake, and libtool
[inputs]: Replace openssl-1.0 with wolfssl.
[arguments]: Add a 'fix-configure' phase.
---
 gnu/packages/networking.scm | 35 +++++++++++++++++++++++++++--------
 1 file changed, 27 insertions(+), 8 deletions(-)

diff --git a/gnu/packages/networking.scm b/gnu/packages/networking.scm
index 05fd092b23..2263d26c41 100644
--- a/gnu/packages/networking.scm
+++ b/gnu/packages/networking.scm
@@ -13,7 +13,7 @@
 ;;; Copyright © 2016 Benz Schenk <benz.schenk@uzh.ch>
 ;;; Copyright © 2016, 2017 Pjotr Prins <pjotr.guix@thebird.nl>
 ;;; Copyright © 2017 Mathieu Othacehe <m.othacehe@gmail.com>
-;;; Copyright © 2017, 2020 Leo Famulari <leo@famulari.name>
+;;; Copyright © 2017, 2020, 2021 Leo Famulari <leo@famulari.name>
 ;;; Copyright © 2017, 2018, 2019, 2020 Efraim Flashner <efraim@flashner.co.il>
 ;;; Copyright © 2017, 2018, 2019 Rutger Helling <rhelling@mykolab.com>
 ;;; Copyright © 2017, 2019 Gábor Boskovits <boskovits@gmail.com>
@@ -3833,22 +3833,41 @@ some traces for unprivileged users.")
                    license:lgpl2.1+)))) ;for the libsupp subdirectory
 
 (define-public vde2
+  (let ((commit "8599321526d0a31925fe55cabbe132b752cb268a")
+        (revision "0"))
   (package
     (name "vde2")
-    (version "2.3.2")
+    (version (git-version "2.3.2" revision commit))
     (source
      (origin
-       (method url-fetch)
-       (uri "mirror://sourceforge/vde/vde2/2.3.2/vde2-2.3.2.tar.gz")
+       (method git-fetch)
+       (uri (git-reference
+              (url "https://github.com/virtualsquare/vde-2")
+              (commit commit)))
+       (file-name (git-file-name name version))
        (sha256
-        (base32 "14xga0ib6p1wrv3hkl4sa89yzjxv7f1vfqaxsch87j6scdm59pr2"))))
+        (base32 "1dirkcbjh7c5kz7d065g1yq7vg8jl93hql3brfxd84k8hc8nqjb2"))))
     (build-system gnu-build-system)
     (arguments
-     `(#:parallel-build? #f))           ; Build fails if #t.
+     `(#:parallel-build? #f ; Build fails if #t.
+       #:phases
+       (modify-phases %standard-phases
+         ;; Although VDE-2 has been updated upstream to use wolfSSL
+         ;; instead of OpenSSL, the configure script was not updated to
+         ;; check for wolfSSL instead of OpenSSL.
+         (add-after 'unpack 'fix-wolfssl-configuration
+           (lambda _
+             (substitute* "configure.ac"
+               (("crypto") "wolfssl")
+               (("EVP_EncryptInit") "wc_Chacha_Process")))))))
+    (native-inputs
+     `(("autoconf" ,autoconf)
+       ("automake" ,automake)
+       ("libtool" ,libtool)))
     (inputs
      `(("python" ,python)
        ("libpcap" ,libpcap)
-       ("openssl" ,openssl-1.0)))       ; Build fails with 1.1.
+       ("wolfssl" ,wolfssl)))
     (home-page "https://github.com/virtualsquare/vde-2")
     (synopsis "Virtual Distributed Ethernet")
     (description "VDE is a set of programs to provide virtual software-defined
@@ -3860,7 +3879,7 @@ cables.")
                    license:lgpl2.1       ; libvdeplug
                    (license:non-copyleft ; slirpvde
                     "file://COPYING.slirpvde"
-                    "See COPYING.slirpvde in the distribution.")))))
+                    "See COPYING.slirpvde in the distribution."))))))
 
 (define-public haproxy
   (package
-- 
2.32.0

Message #31 received at 49556@debbugs.gnu.org (full text, mbox, reply):

From: Diego Nicola Barbato <dnbarbato@posteo.de>

To: Leo Famulari <leo@famulari.name>

Cc: 49556@debbugs.gnu.org

Subject: Re: [bug#49556] [PATCH 2/2] gnu: VDE 2: Update to 2.3.2-0.8599321.

Date: Thu, 05 Aug 2021 15:37:47 +0000

Hi Leo,

Leo Famulari <leo@famulari.name> writes:

> On Tue, Aug 03, 2021 at 06:01:33PM +0000, Diego Nicola Barbato wrote:
>> I suspect the following lines in configure.ac are the culprit:
>> 
>> --8<---------------cut here---------------start------------->8---
>> AC_CHECK_LIB([crypto], [EVP_EncryptInit],
>>   [add_cryptcab_support=yes],
>>   [add_cryptcab_support=no ; warn_cryptcab=yes])
>> --8<---------------cut here---------------end--------------->8---
>
> Thanks for catching that!
>
>> I'll report this issue upstream.
>
> Okay, please share the link to your report once you have made it.

I've submitted a pull request:
https://github.com/virtualsquare/vde-2/pull/27

Regards,

Diego

Message #36 received at 49556-done@debbugs.gnu.org (full text, mbox, reply):

From: Leo Famulari <leo@famulari.name>

To: Diego Nicola Barbato <dnbarbato@posteo.de>

Cc: 49556-done@debbugs.gnu.org

Subject: Re: [bug#49556] [PATCH 2/2] gnu: VDE 2: Update to 2.3.2-0.8599321.

Date: Wed, 11 Aug 2021 15:47:09 -0400

On Thu, Aug 05, 2021 at 03:37:47PM +0000, Diego Nicola Barbato wrote:
> Hi Leo,
> 
> Leo Famulari <leo@famulari.name> writes:
> 
> > On Tue, Aug 03, 2021 at 06:01:33PM +0000, Diego Nicola Barbato wrote:
> >> I suspect the following lines in configure.ac are the culprit:
> >> 
> >> --8<---------------cut here---------------start------------->8---
> >> AC_CHECK_LIB([crypto], [EVP_EncryptInit],
> >>   [add_cryptcab_support=yes],
> >>   [add_cryptcab_support=no ; warn_cryptcab=yes])
> >> --8<---------------cut here---------------end--------------->8---
> >
> > Thanks for catching that!
> >
> >> I'll report this issue upstream.
> >
> > Okay, please share the link to your report once you have made it.
> 
> I've submitted a pull request:
> https://github.com/virtualsquare/vde-2/pull/27

They accepted your patch.

I've added the wolfSSL package and updated VDE-2 to include your fix,
with commit e6388b48f3df21b792cd61f93fddc7274238bac6

Send a report that this bug log contains spam.